News Feed
- DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.
- Retro Market has gone offline. Circumstances of the closure unknown.
- SuperMarket has closed following an exit scam by one of the admins.
- The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.
- Silk Road
- darknet markets list
- Popular P2P exchange LocalMonero has announced it is closing.
😘
BD
Your first thought when seeing me comment on anything is to put a negative spin on it, the market cannot just continue under the same parameters and its unacceptable by any market for this to happen even once, but twice... I'm calling it for what it is, this is an exit scam by the Admin, the difference here being a co-admin still being here to immediately report that and own up to what has happened. There likely isn't much that can be done here, but will talk through it with MB properly once they have rested.
While I respect the honesty and attempt to fix things and MB's dedication, the market shouldn't have gone back online until there were measures taken to avoid the same thing happening.
Nobody can guarantee that the one owner won't run off too, but the owner runs off, exit scam, market done. Period.
I guess I should've done my homework better on the SM.
That is definitely a different story than an Admin theft and is understandable.
I'll keep the faith. Good of you to help MB out, best of luck to you all!
Malicious user input was ruled out as it ocurred on a fixed amount from a dispute refund and they had lock protections for repeat requests. Which if true and if their protections worked as expected, would point to a possibility of the same transaction being possible to become a batch transaction with multiple amounts (all the same in this case) being submitted in the transaction when a timeout occurs. If this was a problem outside of their applications, then it opens the idea to a zero day in the Monero RPC, which I do find unlikely, or possibly they were using a library for the RPC communication which is mis-handling timeout exceptions.
This is an alt account for obvious reasons but yea, I came here to share my thoughts on this.
What I think happened here is literally what the dev claimed did NOT happen. A race condition resulting from a failure to lock db reads/writes during dispute refund process.
-> Endpoint (E) gets called and results in a function (F) responsible for a dispute refund being called
-> Function (F) opens TCP socket to call Monero API endpoint (Let's say via TOR so we can really visualize the amount time this would take)
-> Takes forever [...]
-> Endpoint (E) gets called once again (100 times for example)
-> Function (F) gets called 100 times and hits the code segment responsible for calling the Monero API endpoint as the first RPC call still hasn't finished and the involved db records are not locked.
-> Even if the first RPC call finishes and the code segment responsible for updating the involved DB record to reflect that it has already been refunded does its job, by the time it does, the other API calls will have been made already.
-> Boom
There could be plenty of similar scenarios like failures related to committing db transactions etc. To be fair, I don't know what DB / tech stack in general they use to perform operations like this but I have certainly run into similar problems.
Also, nobody would use such a valuable chain exploit to drain the wallet of such a small project.
Cheers Hug :)
Hoping /u/Hugbunter can discover something. Good luck, guys.
He once said I'll ask the admin to restart the Titan server, and magically the restart was done instantly.
Someone told me you like childrens, and this is why you are so angry at the world.
Respectfully, your comment seems ignorant to me. If it were that easy, why don't you have a site?
It breaks the concept of trust which is absolutely needed in a dark net marketplace.
MommaBear hasn't failed so far. So I don't know why you're saying that the entire site is a failure and they should just give up.
If someone wants to keep people from stealing their gun, but still want to access it so they can defend themself, what do you propose prevents that gun owner from shooting innocent people? Have him put it in a safe and throw away the key? That kinda defeats the purpose.
I'm not saying that super is totally innocent & justified. It's still scary and shakes trust a bit, but you're acting like this could've been prevented.
But I don't comprehend any of the core coding/site building and maintenance stuff. That is far beyond me.
Sorry to everyone affected by SM.
Just got caught up on the Pharoah stuff a few days ago. But I'll pop into that thread for that.
- They have a rule about not doing anything in Post-Soviet/Russian related country like AlphaBay 2.
- Integrated ONION Jabber server like DS did with TitanXMPP.
I could be wrong but who knows, everything is fucked up in the dark net.
Eckmar ? Lmao.
Come on Snake, you said you'll update the design of DrugHub and haven't done so.. is that because you told me you are shit with Front-end?
Here you are right, that's why someone else was hired to do the UI. "Nice UI" is subjective, some like it some don't, that's fine.
But saying it's Eckmar it's like saying Dread is phpBB lmao. Keep'em coming chief, I find your deep knowledge of everything quite amusing.
Dread is very much based on postmill[.]xyz so yeah It's like saying DrugHub look like Eckmar .Good job on using irony to deflect the main point. A treat should be rewarded to you.
Japanese people have webpages that are extremely cluttered & condensed; they would find that nice, but wouldn't like streamlined and efficient pages of the Western world.
Anyway it all gets down to semantics and I'm sure it could go either way.
ffs this last year has been fucking brutal sadly.
FYI, if you are unable to connect, try SHIFT + CTRL + L. That'll refresh with new circuit that's hopefully filled with less traffic.